Cyber Security News

Ken Coniglio |

With billions of emails sent globally each day, it’s no wonder that email compromise has become one of the largest and most financially damaging online crimes. In an email-based scam, fraudsters send an email that appears to come from a known or reputable source with a legitimate request, such as updating a mailing address or payment instructions.

Stay aware of email-based scams involving home purchases

We’ve noticed a recent increase in email-based scams for homebuyers. In this scenario, a person is purchasing property and receives authentic instructions from the title company about wiring funds, followed by updated wiring instructions from the fraudster. Fraudsters are able to accomplish this because they have compromised the client’s or title company’s email.

To carry out an email compromise scam, fraudsters will often:

  • Create a fake email account or website: Slight variations of legitimate email and website addresses, such as one including slight misspellings, can make fake accounts appear authentic.
  • Send spearphishing emails: These messages, which seem like they’re from a trusted sender, can cause victims to reveal confidential information and result in criminals accessing personal or business accounts, calendars, and data to carry out schemes.
  • Use malware: Malicious software also lets criminals gain control of mobile phones and personal computers, which provides them undetected access to confidential data, such as passwords and financial account information.

Here are five steps you can take to protect yourself: 

  • Set up two-factor (or multi-factor) authentication on any account that allows it. You can set up multi-factor authentication for your Schwab account here.
  • Be careful with the information you share online, and the details others share about you online. Scammers often use personal or common information, such as pet names, schools you attended, links to family members, and your birthday, to send phishing emails, guess your password or answer your security questions.
  • Think before clicking or downloading. Don’t click on anything in an unsolicited email, text, social media or messaging application message asking you to update or verify account information. Never open an email attachment from someone you don't know and be wary of email attachments forwarded to you.
  • Verify email addresses. Carefully examine the email address, URL address, and spelling used in any emails or text messages. Scammers use slight differences to trick your eye and gain your trust.
  • Compare the From address to the Reply-To address. Scammers are sometimes able to spoof a legitimate email address. Before sending a reply, confirm that the reply-to email address is accurate.